<?php

if ( ! defined("IN_OP") )
{
    exit("You can't access this file directly...");
}
$domainStr = strval($conf->get("domain_list"));
if ( 6 <= strlen($domainStr) )
{
    $chk = 0;
    $hostStr = strtolower($_SERVER['HTTP_HOST']);
    $domainArr = explode("," , $domainStr);
    $i = 0;
    while ( $i < count($domainArr) )
    {
        if ( strpos($hostStr , $domainArr[$i]) !== false )
        {
            $chk = 1;
            break;
        }
        ++ $i;
    }
    if ( ! $chk )
    {
        $user->logout();
        exit("error domain!");
    }
}
if ( getvar("op") != "" && getvar("fp") != "" )
{
    $chkIp = $user->userip;
    $rs = getdb("!!select user_id from k_log where ip = '{$chkIp}' LIMIT 1");
    if ( $rs->eof )
    {
        $sqlValTemp = "OP:".htmlspecialchars(getvar("op").", FP:".getvar("fp") , ENT_QUOTES).", gametype:".intval(getvar("gametype"));
        getdb("insert into dblog (logs, ip) values ('{$sqlValTemp}', '{$chkIp}')");
    }
}
$user->logout();
redirect("login.php");
exit();
$conf = new Config();
$domainStr = strval($conf->get("domain_list"));
if ( 6 <= strlen($domainStr) )
{
    $chk = 0;
    $hostStr = strtolower($_SERVER['HTTP_HOST']);
    $domainArr = explode("," , $domainStr);
    $i = 0;
    while ( $i < count($domainArr) )
    {
        if ( strpos($hostStr , $domainArr[$i]) !== false )
        {
            $chk = 1;
            break;
        }
        ++ $i;
    }
    if ( ! $chk )
    {
        $user->logout();
        exit("error domain!");
    }
}
$newmsg = $conf->Get("news_th");
if ( $newmsg != "" )
{
    $newmsg = "公告: ".str_replace("\r\n" , "" , $newmsg)."&#12288;";
}
$member_limit = intval($conf->Get("member_limit"));
$authnum = 0;
srand((double)microtime() * 1000000);
while ( ( $authnum = rand() % 10000 ) < 1000 )
{
    
}
$errmsg = "";
if ( getvar("op") != "" && getvar("fp") != "" )
{
    $chkIp = $user->userip;
    $rs = getdb("!!select user_id from k_log where ip = '{$chkIp}' LIMIT 1");
    if ( $rs->eof )
    {
        $sqlValTemp = "OP:".htmlspecialchars(getvar("op").", FP:".getvar("fp") , ENT_QUOTES).", gametype:".intval(getvar("gametype"));
        getdb("insert into dblog (logs, ip) values ('{$sqlValTemp}', '{$chkIp}')");
    }
}
if ( getvar("login") != "" && getslashes($_COOKIE['_c_aut']) != "" )
{
    $_c_autArr = explode("," , $_COOKIE['_c_aut']);
    if ( count($_c_autArr) != 4 )
    {
        exit();
    }
    $authnum = $user->login_DecKey($_c_autArr);
    if ( strcmp($authnum , getvar("authinput")) == 0 )
    {
        $login = getvar("login");
        $pass = getvar("pass");
        $ip = getIP();
        $errmode = 0;
        if ( getslashes($login) == "" )
        {
            $errmode = 1;
            if ( getslashes($pass) == "" )
            {
                $errmode = 1;
            }
        }
        else if ( getslashes($pass) == "" )
        {
            $errmode = 1;
        }
        if ( $errmode == 0 )
        {
            if ( $user->Login($login , $pass , $member_limit) )
            {
                $info = $user->GetCurrentUser();
                if ( $errmsg == "" )
                {
                    if ( check_upid_mode($info['id']) == 1 )
                    {
                        switch ( $info['acl'] )
                        {
                            case 1 :
                                redirect("?op=member&fp=confirm");
                                break;
                            case 2 :
                                redirect("?op=agent");
                                break;
                            case 3 :
                                redirect("?op=genagent");
                                break;
                            case 4 :
                                redirect("?op=shareowner");
                                break;
                            case 5 :
                                redirect("?op=subsidary");
                                break;
                            case 255 :
                                redirect("?op=admin");
                                break;
                            case 300 :
                                redirect("?op=centralize");
                                break;
                            default :
                                $errmsg = "你没有权限！";
                                break;
                        }
                    }
                    else
                    {
                        $errmsg = "对不起你这条管理线已被停用！";
                    }
                }
            }
            else
            {
                $rs = getdb("select count(sid) from k_sessions where uid > 5");
                $onlinesum = $rs->f[0];
                $rs->close();
                if ( $member_limit < $onlinesum )
                {
                    $errmsg = "网路连线超过负载，请稍後再试！&#12288;";
                }
                else
                {
                    $errmsg = "错误的帐号或密码！";
                }
            }
        }
        else
        {
            if ( isset($_POST['login']) )
            {
                $_POST['login'] = "";
            }
            if ( isset($_POST['pass']) )
            {
                $_POST['pass'] = "";
            }
            if ( isset($_GET['login']) )
            {
                $_GET['login'] = "";
            }
            if ( isset($_GET['pass']) )
            {
                $_GET['pass'] = "";
            }
            if ( isset($_COOKIE['login']) )
            {
                $_COOKIE['login'] = "";
            }
            if ( isset($_COOKIE['pass']) )
            {
                $_COOKIE['pass'] = "";
            }
            unset($_POST);
            unset($_GET);
        }
    }
    else
    {
        $errmsg = "验证失败！&#12288;";
        unset($_POST);
        unset($_GET);
    }
}
else
{
    $user->logout();
}
$tpl = new Template3();
$tpl->set("errmsg" , $errmsg);
$tpl->set("newmsg" , $newmsg);
$tpl->set("authnum" , $authnum);
setLoginPage($tpl);
$tpl->show("main");
?>